SQL Insert Question

Questions about the MySQL, PostgreSQL, and most other databases, as well as using it with PHP can be asked here.

Moderator: General Moderators

Post Reply
webphotogeek
Forum Newbie
Posts: 18
Joined: Sun Jul 04, 2010 12:11 pm

SQL Insert Question

Post by webphotogeek »

I am having a problem with SQL Insert. All of them work, except the last one (highlighted). Is is something with the syntax of the date and time? Do I need to use the mysql_real_escape_string()? Or could it be something else? If anyone has any idea what is going on, please let me know. Thanks.
Code is below:

$gen="INSERT INTO general (ID, fname, lname, address, city, state) VALUES ('$cust_id','$fname','$lname','$address','$city','$state')";
mysql_query($gen) or die('Could not connect to general table: ' . mysql_error());

$pur="INSERT INTO Purchasing (ID, Item, Description, Quantity, Price) VALUES ('$cust_id','$item','$descr','$quantity','$price')";
mysql_query($pur)or die('Could not connect to Purchasing table: ' . mysql_error());

$cre="INSERT INTO Credit (ID, Credit_Card_Number, Expiration, Code) VALUES ('$cust_id','$credit_card_number','$expiration','$code')";
mysql_query($cre)or die('Could not connect to Credit table: ' . mysql_error());

$del="INSERT INTO Delivery (ID, Date, Time, AMPM) VALUES ('$cust_id','$date','$time','$ampm')";
mysql_query($del)or die('Could not connect to Delivery table: ' . mysql_error());
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: SQL Insert Question

Post by AbraCadaver »

What is the error?
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
webphotogeek
Forum Newbie
Posts: 18
Joined: Sun Jul 04, 2010 12:11 pm

Re: SQL Insert Question

Post by webphotogeek »

No errors show up. I'm guessing the syntax is right and it is opening the table, but I was told I might need to add the mysql_real_escape_string() to prevent injection attacks for Insert. Is that true? And if so, how would I incorporate it into the syntax?

Thanks.
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: SQL Insert Question

Post by AbraCadaver »

You should run any user submitted data, GET, POST, etc through mysql_real_escape_string() before inserting, but your issue is most likely the time/date format. What is the format in the DB and what is the format in your vars?
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
webphotogeek
Forum Newbie
Posts: 18
Joined: Sun Jul 04, 2010 12:11 pm

Re: SQL Insert Question

Post by webphotogeek »

In the DB, Date is set to date format (YYYY-MM-DD) and Time is set to time format (HH:MM:SS).
User avatar
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas
Contact:

Re: SQL Insert Question

Post by AbraCadaver »

webphotogeek wrote:In the DB, Date is set to date format (YYYY-MM-DD) and Time is set to time format (HH:MM:SS).
And the $date and $time vars?
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQLextension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
Post Reply